Third Party Services: Ease or Risk?

Published September 9, 2015 • Categories: Best Practices

While assessing one of the largest public sector enterprises recently, I asked for the routine maintenance reports and records for IT, Human Resource & Facility Administration. The auditee promptly dug out the files and presented the requisite records. While reviewing the records I noticed that …

Do Vendors Keep a PCI Compliance Certificate?

Published April 2, 2015 • Categories: PCI 101

“Ask the QSA” Question: Is there a PCI Compliance certificate that we need to ask vendors for? Answer: There is no “certificate” for PCI compliance. You can ask for an AOC (Attestation of Compliance) which, properly completed, should assist you in knowing what PCI compliant services …

Ready Your 3.0 SAQ Game Plan

Published December 17, 2014 • Categories: Best Practices

2014 has been a year filled with news about breaches – big breaches – record-breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT …

Our Service Provider is Compliant, Must Our Organization Be As Well?

Published December 9, 2014 • Categories: PCI 101

“Ask the QSA” Question: My organization is an online service provider. Our customers are merchants (i.e., our customers are receiving the payment through our servers) and the credit card payment storage is done by a Level 1 PCI DSS Validated third party. Does my organization …

Hosted Private Cloud Service Providers: Should They Be PCI Compliant?

Published October 8, 2014 • Categories: PCI 101
SSC Mobile and Cloud Guidelines

Question: We are considering moving a server containing cardholder data to a hosted private cloud provider. Is it necessary that the provider have a PCI DSS assessment of their own and produce an Attestation of Compliance? What if they produce a report from an independent …